Top UK directors lack training to deal with cyber attacks

The UK’s top firms and charities urgently need to do more to protect themselves from online threats, according to a government-backed audit.

Zubin Randeria, cyber security leader at PwC, said the reports echo the findings of the PwC CEO Survey, which found that three-quarters of UK CEOs consider cyber risks to be a significant threat to their business and 97% are addressing cyber incidents.

“It’s positive that cyber security is now front of mind for boards and business leaders, but concerning that many still are not equipping themselves with the right knowledge to respond when the worst does happen,” he said.

The latest annual health check, however, revealed there has been progress since last year, with more than half of FTSE350 boards now setting out their approach to cyber risks, up by 20 percentage points to 53%, and more than half of businesses having a clear understanding of the impact of a cyber attack, up from 49% to 57%.

Phill Everson, head of cyber risk services at Deloitte, said this year’s cyber health check marks a clear improvement in board-level awareness of cyber risks and their impacts, driven in large part by high-profile, cross-sector incidents.

“There is still some way to go, though, as the findings show that many boards still do not have a defined role to lead a company-wide response. This corroborates the recent Deloitte analysis of FTSE100 annual reports, which found that just 5% disclose having a board member with specialist technology or cyber experience,” he said.